We are also experiencing this issue with "some" emails originating from Mimecast servers.  It is hit and miss and the same Mimecast server might deliver 10 mails fine, and then 3 or 4 will be missing the headers.

I stopped the spool and was able to successfully capture some failed messages. and have pasted them below.  These are the RAW eml files that appear in the spool folder.  (Confidential data removed).  As you can see most of the normal headers are missing, and all but the last "Received:" headers are missing as well.

Return-Path: <###@##.com>
Received: from eu-smtp-delivery-185.mimecast.com (eu-smtp-delivery-185.mimecast.com [146.101.78.185]) by ##.##.## with SMTP;
   Tue, 4 Jun 2019 16:50:16 -0400
Content-Type: multipart/alternative;
    boundary="_000_AM6PR07MB557626B7FBC953EF995D20C3EC150AM6PR07MB5576eurp_"

Return-Path: <##@##.com>
Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [63.128.21.181]) by ##.##.## with SMTP;
   Wed, 5 Jun 2019 10:51:02 -0400
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable

There does not seem to be any pattern to which messages fail or any pattern with originating domains.  This just started happening the last week or so.  We are on SmarterMail Enterprise Build 7068 (May 9, 2019).  This server has been running fine for several years and we updated shortly after this version was released.

Hello everyone. We have received misc reports of similar behavior, and through deeper investigation we were able to confirm the messages are being handed off without a from address and other pertinent details. As such, I recommend submitting a support ticket with Mimecast to have them perform the relevant diagnostics. If you require further assistance with this after speaking with them I strongly suggest submitting a support ticket so we can look into this further. 

If possible, please provide the Delivery/SMTP session logs associated with the failed messages, and collect Wireshark packet captures of these same sessions as these should help confirm the missing header information during handoff. 

Kyle,

I have (2) separate installations reporting the same behavior.

Seems to be hit and miss...  Sometimes messages pass through OK, other times they are stripped down...

Starter a week or so ago...  I have read some very recent comments from folks with similar behavior and the first suggestion I tried was turning OFF all SPAM checking.  Seemed to help some but not completely.  This is obviously only a temp solution to try and figure out the source.

Was about to try another suggestion turning off CLAMAV but came across this thread first.

Tried your suggestion of contacting Mimecast directly by phone but learned pretty quickly that they are not going to take a phone call or accept a trouble ticket from a NON-Customer...  So not sure how to submit a ticket with them.

Doesn't it make more sense for Smartmail to contact them and explain that something they are doing or have recently changed is affecting your customers...

Before seeing this thread I just assumed this was some basic ransomware method Smartermail was using to force old customers to re-buy the latest version...  No proof of that of course, just a coincidence I suppose...  Not objecting to the practice if that's part of it...  Better ways to go about it, if it is, to get the same result....

I am a firm believer of "if it ain't broke" However, since it had been a while and Smartmail has been fairly robust for going on 14 years, I didn't have a problem paying up at one of our locations to see if it fixes the problem..

Copied my mail VM last night, un-installed 14.5 and then installed the 7090 build.  Didn't go perfectly smooth. Only have two domains, one Primary with 277Gig of mail and appx 60 users and a small unimportant domain with 20gig and 3 users.  The 3-user worked right out of the box but the primary domain failed..  After some quick work from Tony in Support (Him and Emily have both been great by the way)  he had us up in no time...

It's only been a couple hours so I cannot confirm if the upgrade resolved the stripping problem we (and others) are having but I will provide more feedback over the next day or so..

I am hesitant to spend another $500 something on the second location if Smartermail's suggestion is to suggest all of our customers contact Mimecast...  That is not likely to happen...

Come on Kyle,  There has to be something more that can be done...

Rolf, I don't see how this would be a strategy from Smartermail to force an upgrade. For this to happen you would need to install an update that contain code to create this behavior.

On another hand if you google a bit mimecast and missing headers, you can see people with other mailservers having same issue with mimecast:

https://community.spiceworks.com/topic/2192881-ibm-notes-mail-missing-parts-of-message-header 

Not sure it's related but kind looks like your issue.

Unfortunately I was not able to get through to Mimecast support either due to not being a customer, as they require an account number for security reasons. I did see on the Spiceworks page though that Mimecast has escalated that user's ticket and so hopefully this will be resolved soon.

I can confirm that we have seen the exact issue across all of our smartermail servers and the common denominator is mimecast.

We've advised our clients to notify the sender who in turn needs to raise the issue with mimecast.

pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: outlook.com]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 1.2 MISSING_HEADERS        Missing To: header
 0.1 URI_HEX                URI: URI hostname has long hexadecimal sequence
 0.1 MISSING_MID            Missing Message-Id: header
 1.8 MISSING_SUBJECT        Missing Subject: header
 1.0 MISSING_FROM           Missing From: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 1.4 MISSING_DATE           Missing Date: header
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

 Smartermail support team have a look serious issue  missing header leads major mail went to spam folder  like hotmail & Gmail

Server Build 7242

Any one fix the issue then let me know ?

Received: from SN1NAM04HT109.eop-NAM04.prod.protection.outlook.com (2603:10b6:4:16::28) by DM6PR20MB2890.namprd20.prod.outlook.com with HTTPS via DM5PR2001CA0018.NAMPRD20.PROD.OUTLOOK.COM; Tue, 10 Dec 2019 15:37:57 +0000 Received: from SN1NAM04FT055.eop-NAM04.prod.protection.outlook.com (10.152.88.60) by SN1NAM04HT109.eop-NAM04.prod.protection.outlook.com (10.152.89.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2495.18; Tue, 10 Dec 2019 15:37:57 +0000 Authentication-Results: spf=pass (sender IP is 1.1.1.1) smtp.mailfrom=domain.com; msn.com; dkim=pass (signature was verified) header.d=domain.com;msn.com; dmarc=pass action=none header.from=domain.com; Received-SPF: Pass (protection.outlook.com: domain of domain.com designates 1.1.1.1 as permitted sender) receiver=protection.outlook.com; client-ip=1.1.1.1; helo=ip-hostname.com; Received: from hostname.com (1.1.1.1) by SN1NAM04FT055.mail.protection.outlook.com (10.152.89.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2495.18 via Frontend Transport; Tue, 10 Dec 2019 15:37:55 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:16A32B0AD31D936B2C291A8A1588233F530479D71E65E6EA7E5C46DB530E66A6;UpperCasedChecksum:5D230915B8CAE4A3127B63A81AB1FACA48B87D2B99BA53067919801849AC36BE;SizeAsReceived:1120;Count:11 X-SmarterMail-Authenticated-As: binesh@domain.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=domain.com; s=secure; h=content-type:mime-version:message-id:reply-to:date:subject:to :from; bh=TE2EDjIuFNmDS5BEW6/RHy/dpi+BUZaN3wH/505TvN0=; b=lbFVmayz2/BKyYqyTaJvtqHmrTYiEFj4zP+Qko8M0x3hQC4NRwOEiDjKXu52ZvtSc ozc4LyTCsCe1Ro7oeHPWjBn6c8Zra1esljPgf6iGYZHesMQ3j1xnSPx5IwJRA78qJ oqVfiN0FrkQFDO+n+PTggZT72En2ukWaRNNzsr+LMqIzBLX9qZ04CUUYjyEWdZ4rq AMLOoWA+4jW7wJ1S+zINxkmS1ENQymvCaiojEvIPNtmmZK5O0bRX4Ebs+CQZGWuBS CFIm/WruD2GsccCO7LDv7o7U582N23LkBvTWMgJb3quch+nJmxMX9Wb8rzYzZudie 36PT5gIKBf10e12lQ== From: "Binesh Shamunni" To: Subject: Hotmail Date: Tue, 10 Dec 2019 15:37:47 GMT Reply-To: binesh@domain.com Message-ID: Content-Type: multipart/alternative; boundary=46d27dbef45b4ecb908302ef7d881e73 X-Exim-Id: d01192b8d6de4111a92a1dd3b1c219d8 X-IncomingHeaderCount: 11 Return-Path: binesh@domain.com X-MS-Exchange-Organization-ExpirationStartTime: 10 Dec 2019 15:37:56.8257 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit X-MS-Exchange-Organization-Network-Message-Id: 9dcbeebe-50ba-4059-a2ac-08d77d86edff X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0 X-MS-Exchange-Organization-MessageDirectionality: Incoming X-Forefront-Antispam-Report: EFV:NLI; X-MS-Exchange-Organization-AuthSource: SN1NAM04FT055.eop-NAM04.prod.protection.outlook.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-PublicTrafficType: Email X-MS-UserLastLogonTime: 12/10/2019 3:35:45 PM X-MS-Office365-Filtering-Correlation-Id: 9dcbeebe-50ba-4059-a2ac-08d77d86edff X-MS-TrafficTypeDiagnostic: SN1NAM04HT109: X-MS-Exchange-EOPDirect: true X-Sender-IP: 1.1.1.1 X-SID-PRA: BINESH@domain.COM X-SID-Result: PASS X-MS-Exchange-Organization-PCL: 2 X-Microsoft-Antispam: BCL:0; X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Dec 2019 15:37:55.5587 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9dcbeebe-50ba-4059-a2ac-08d77d86edff X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT109 X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.9941850 X-MS-Exchange-Processed-By-BccFoldering: 15.20.2516.000 X-Microsoft-Antispam-Mailbox-Delivery: abwl:0;wl:1;pcwl:1;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;OFR:TrustedSenderList;ENG:(5062000261)(5061607266)(5061608174)(4900115)(4920090)(6510075)(4950130)(570107); X-Message-Info: 5vMbyqxGkddoCPm6T3bgzztAhmb7fP34GMjTzHoJs9ZCkKYuUHodCmM1q9xE0krzbJYC8rEnkoA/Flro03Pb1MW1mzcFDWWCVXdGiXmjMtLtwDN9n2CkvOcgm5v4HKdD1MRMHz75cbmfKLJ64pmSKwlIWzvXTxX3jIkIaW1oR35tMjpICfezwbB95qYOVP8aLBAPZGZn/mZ4GVFxekWiEw== X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ== X-Microsoft-Antispam-Message-Info: kEq1COIFOUGLrm2cKRwnzqP7ZkFdtKVnU2KHTwJU4cmnBGOyVbWALBis8I2SVy0961XqM4rGPZztuWo6mFJHXJFQMMJzkrlt5w91LYjW5aaU6rYx9lgItv/jvRcaWsq/tdyNjbM6pq+O3I3ukKuIx19ytJFjtl2brVl4EaNPuYr9RVqUCqA7rvPQ71/XhdSfhls80tpShfJfCHDGeCU/OtZec792LLiLIFyZvdSP4n1N9R19kNrzPQQaNWTUQvhCsylj0Yiy/WkWaUOEoIgPzpPhGu778n3HflA1GZ8TOv0G8cq5AN3nlw006dqJSrp4W4B1tjY3PIjgE8IWa/JGPKORkcfdt67bMWyhQbybm1tNvKjhwXHEAU/VuFNCNr3dSgJw1DHZ5Q29YadjAF9YN2fzAuyLVfC28zcK7Vkl47KuuAf8J2MdirI5KSmL5orXgVJ3JykIBklC0GovIlzjXYk6j77uM6/uMs0Z84AjB8sBc6R3NXOu19GdQKQzRDcWxffjj3Ovdr+ZMn5XUcyeC9tRzEdmnukylClYvRfVjSuJJ5e/WnUxRJLvUH8crzD1SiahGfZUyFjHe8A+fSHEYMpRToXFVgyG/eQZWsxbGnJP6/rSTzgBQHby5vQ8vQh2hdJFl8uG/Dcv07gGp+sF3PtCDAuwuzCoEAhJrfG48tTo4B/pgJBjcJkQlWR157hmtWnqRTS3pHcV6FC30p3G32JUFK3ZQHAaqbHa1ta60fbr1f/I1unTwiXl1Tp2aXxGdm3CdhbJXgfjOEwllWubFuO1L9ux6Jp+OlkifzDolpkNNV5+iorY7Y3DwzzpQLtLAx3BHYHUOrLBIbY7Nsc0jA== MIME-Version: 1.0